I’ve had a nightmare the last couple of days getting MySQL replication set up over SSL. Turns out some things have changed since upgrading to Ubuntu 12.04 Precise. In the end, the solutions were simple.
First, the server-key.pem file needs to have RSA in the header. I manually edited the keys and added the RSA part, and it worked, like so:
-----BEGIN RSA PRIVATE KEY-----
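The header requirement above, as an added example that is not part of the original post: the `RSA PRIVATE KEY` label names the PKCS#1 key layout, and a key labelled `-----BEGIN PRIVATE KEY-----` (PKCS#8, assumed here to be the format the key started in) carries that same layout wrapped in an outer structure. This Python code unwraps it and writes the RSA header; `read_tlv`, `to_pkcs1_pem` and `constructed_pkcs8` are names made up for this example, and the sample input is placeholder bytes, not a real key.

```python
import base64
import re

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # DER of OID 1.2.840.113549.1.1.1
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def to_pkcs1_pem(pem_text):
    """Unwrap an unencrypted PKCS#8 RSA key into the 'RSA PRIVATE KEY' (PKCS#1) form."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    label, der = m.group(1), base64.b64decode(m.group(2))
    if label == "RSA PRIVATE KEY":
        return pem_text  # already carries the header the post describes
    if label != "PRIVATE KEY":
        raise ValueError("unsupported PEM label: " + label)
    tag, body, _ = read_tlv(der, 0)          # PrivateKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, _, pos = read_tlv(body, 0)            # INTEGER version
    _, alg, pos = read_tlv(body, pos)        # AlgorithmIdentifier
    tag, inner, _ = read_tlv(body, pos)      # OCTET STRING wrapping RSAPrivateKey
    if not alg.startswith(RSA_OID) or tag != 0x04:
        raise ValueError("not a PKCS#8-wrapped RSA key")
    b64 = base64.b64encode(inner).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN RSA PRIVATE KEY-----", *lines,
                      "-----END RSA PRIVATE KEY-----"]) + "\n"

def constructed_pkcs8(inner):
    """Constructed sample: PKCS#8 framing around short placeholder bytes, not a real key."""
    body = b"\x02\x01\x00\x30\x0d" + RSA_OID + b"\x05\x00\x04" + bytes([len(inner)]) + inner
    der = b"\x30" + bytes([len(body)]) + body
    return ("-----BEGIN PRIVATE KEY-----\n" + base64.b64encode(der).decode()
            + "\n-----END PRIVATE KEY-----\n")
```

A passphrase-protected key (`ENCRYPTED PRIVATE KEY`) is rejected with a `ValueError`, since it has to be decrypted before it can be unwrapped.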
Second, I learned that certificates generated by openssl on Precise do not work with MySQL on Precise. To get around that issue, I generated my certs on an old 10.04 box and it worked fine. Prior to that, when trying to connect, I got the error:
ERROR 2026 (HY000): SSL connection error: SSL certificate validation failure
Finally, after two days of messing about, replication is once again running, and SSL enabled.